Package: mitmproxy
Version: 0.13-1
Tags: security

With the --verify-upstream-cert option enabled, mitmproxy is supposed to
verify the upstream server's certificate. However, it doesn't seem to verify
that the server hostname matches a domain name in the
subject's Common Name or subjectAltName field of the certificate.

For example, https://planet.debian.org/ certificate is invalid for this
host. But if you try to connect to it through mitmproxy, you get a valid
certificate with "planet.debian.org" in subjectAltName.

-- System Information:
Debian Release: stretch/sid
APT prefers unstable
APT policy: (990, 'unstable'), (500, 'experimental')
Architecture: i386 (x86_64)
Foreign Architectures: amd64
Kernel: Linux 4.2.0-1-amd64 (SMP w/2 CPU cores)
Locale: LANG=C, LC_CTYPE=pl_PL.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: sysvinit (via /sbin/init)
Versions of packages mitmproxy depends on:
ii python 2.7.9-1
ii python-blinker 1.3.dfsg2-1
ii python-configargparse 0.10.0-1
ii python-html2text 2015.6.21-1
ii python-lxml 3.4.4-1+b1
ii python-netlib 0.13.1-1
ii python-pil 2.9.0-1+b1
ii python-pyasn1 0.1.9-1
ii python-pyparsing 2.0.3+dfsg1-1
ii python-tornado 4.2.1-1+b1
ii python-urwid 1.3.1-2
pn python:any <none>
--
Jakub Wilk
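
The missing check described in the report, as an added example (not code from the report or from mitmproxy): a trusted chain is not enough, the requested hostname must also match a dNSName in subjectAltName, or the Common Name when no dNSName is present. The function names and both sample certificates are constructed for illustration; certificates use the dict layout returned by Python's ssl.SSLSocket.getpeercert().

```python
# Added example: the name check that chain validation alone does not perform.

def _name_match(pattern, hostname):
    """Match one certificate name; '*' may only be the whole left-most label."""
    p_labels = pattern.lower().rstrip(".").split(".")
    h_labels = hostname.lower().rstrip(".").split(".")
    if len(p_labels) != len(h_labels):
        return False
    if p_labels[0] == "*":
        # Conservative choice: a wildcard covers exactly one label and must be
        # followed by at least two more labels (so "*.com" never matches).
        return len(p_labels) >= 3 and p_labels[1:] == h_labels[1:]
    # Partial wildcards such as "f*o.example.org" are rejected outright.
    return "*" not in pattern and p_labels == h_labels


def hostname_matches(cert, hostname):
    """True if hostname is covered by the SAN dNSNames, else by the CN."""
    dns_names = [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    if dns_names:
        # When dNSName entries exist, the Common Name is ignored (RFC 6125).
        return any(_name_match(n, hostname) for n in dns_names)
    cns = [v for rdn in cert.get("subject", ())
           for k, v in rdn if k == "commonName"]
    return any(_name_match(n, hostname) for n in cns)


def verify_upstream(chain_ok, cert, hostname):
    """Accept the upstream only if the chain is trusted AND the name matches."""
    return chain_ok and hostname_matches(cert, hostname)


# Constructed sample: chain would validate, but the names are for other hosts.
OTHER_HOST_CERT = {
    "subject": ((("commonName", "planet.debian.org"),),),  # ignored: SAN exists
    "subjectAltName": (("DNS", "www.example.org"), ("DNS", "*.example.net")),
}
# Constructed sample: legacy certificate with a Common Name and no SAN.
CN_ONLY_CERT = {"subject": ((("commonName", "planet.debian.org"),),)}

if __name__ == "__main__":
    for cert in (OTHER_HOST_CERT, CN_ONLY_CERT):
        print(verify_upstream(True, cert, "planet.debian.org"))
```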